A defect in the in-memory journal logic can leave the read cursor for the
in-memory journal in an inconsistent state, which can result in a segfault.
No simple test case is (currently) available for this problem. One must
make heavy use of the SAVEPOINT operation to make it happen.

This problem was discovered by Django testing.

drh added on 2016-04-07 20:54:57:

The problem only comes up when the size of a savepoint journal (which is a
multiple of 1028 bytes) is an exact multiple of the in-memory journal buffer
size, which defaults to 1016 bytes on 64-bit machines and 1020 bytes on
32-bit machines. And even then, you have to do just the right sequence of
SAVEPOINT operations to get the cursor to be reused.
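
The size condition in the comment above can be worked out numerically, which is useful when checking whether a regression test or fuzz corpus ever reaches it. This is an added example, not SQLite code and not part of the ticket; the function names are hypothetical, and the record size (1028) and buffer sizes (1016, 1020) are the figures quoted in the ticket.

```c
#include <stdio.h>

/* Greatest common divisor (Euclid). */
static unsigned long gcd_ul(unsigned long a, unsigned long b) {
    while (b != 0) {
        unsigned long t = a % b;
        a = b;
        b = t;
    }
    return a;
}

/* Smallest record count n such that n * record_size is an exact multiple
 * of chunk_size. Returns 0 for invalid (zero) input. */
unsigned long min_aligned_records(unsigned long record_size,
                                  unsigned long chunk_size) {
    if (record_size == 0 || chunk_size == 0) return 0;
    return chunk_size / gcd_ul(record_size, chunk_size);
}

/* 1 if a journal holding n_records records ends exactly on a buffer
 * boundary, else 0. Works on the count so no large product is formed. */
int journal_is_aligned(unsigned long n_records, unsigned long record_size,
                       unsigned long chunk_size) {
    if (n_records == 0 || record_size == 0 || chunk_size == 0) return 0;
    return (n_records % min_aligned_records(record_size, chunk_size)) == 0;
}

int main(void) {
    const unsigned long record = 1028;          /* from the ticket */
    const unsigned long chunks[] = {1016, 1020}; /* 64-bit, 32-bit defaults */
    for (int i = 0; i < 2; i++) {
        unsigned long n = min_aligned_records(record, chunks[i]);
        printf("buffer %lu: first aligned journal has %lu records (%lu bytes)\n",
               chunks[i], n, n * record);
    }
    return 0;
}
```

With the ticket's figures the alignment first occurs at 254 records on 64-bit builds and 255 on 32-bit builds, and then only at multiples of those counts, so a test that never grows a savepoint journal that large cannot reach the condition.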